Chris Farmiloe <chrisfa...@gmail.com> writes: > I find the current LISTEN / NOTIFY rather limited in the context of > databases with multiple roles. As it stands it is not possible to restrict > the use of LISTEN or NOTIFY to specific roles, and therefore notifications > (and their payloads) cannot really be trusted as coming from any particular > source.
TBH, nobody has complained about this in the fifteen-plus years that LISTEN has been around. I'm dubious about adding privilege-checking overhead for everybody to satisfy a complaint from one person. > I'd like to propose a new ASYNC database privilege that would control > whether a role can use LISTEN, NOTIFY and UNLISTEN statements and the > associated pg_notify function. ... and if I did think that there were an issue here, I doubt I'd think that a privilege as coarse-grained as that would fix it. Surely you'd want per-channel privileges if you were feeling paranoid about this, not to mention separate read and write privileges. But the demand for that just isn't out there. regards, tom lane -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers